Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Lenovo warned customers on Friday that two critical Broadcom vulnerabilities impacts 25 models of its popular ThinkPad brand. The vulnerabilities were first revealed in September and originally they were only reported to impact specific Broadcom chipsets used in Apple iPhones, Apple TV and Android devices.

Lenovo has expanded that list to include two dozen ThinkPads that use Broadcom’s BCM4356 Wireless LAN Driver for Windows 10. According to the Lenovo advisory, the Wi-Fi chipsets contain the same firmware vulnerabilities CVE-2017-11120 and CVE-2017-11121 patched by Apple and Google in September.

Both vulnerabilities are tied to controllers used by Broadcom’s wireless LAN driver that contain buffer overflow flaws, which can be exploited by an attacker that can gain arbitrary code execution on the adapter, but not the targeted system’s CPU. Both CVEs are rated “critical” and have scores of 10 on Mitre’s CVSS scale.

The CVE-2017-11120 vulnerability was first identified by Google Project Zero researcher Gal Beniamini in June and disclosed publicly in September as a proof-of-concept bug report.

“Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames (thus allowing easy remote control over the Wi-Fi chip),” Beniamini said.

The vulnerability lives in Broadcom chips used by Apple in the iPhone and other products, including tvOS used in Apple TV, and watchOS used in the Apple Watch. Android also makes use of the same chips, and Google patched the bug in the September Android Security Bulletin.

As for CVE-2017-11121, that vulnerability was also discovered by Beniamini and is a buffer overflow vulnerability caused by improper validation of Wi-Fi signals. “Properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects,” according to researchers.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.